#!/bin/bash 

wip1="192\.168\.254\.240"
wip2="nfm\.ihep\.ac\.cn"
wip3=""
wip4=""
wip5=""
wip6=""
wip7=""
wip8=""
wip9=""


echo '**********************************************************************'>/etc/motd
echo '*|  Time  |      Up Time     |Login Users|        Load Average        |'>>/etc/motd
echo -ne '* ' >>/etc/motd
w |grep 'load average'>> /etc/motd
echo '**********************************************************************'>>/etc/motd
echo '* TEL:5037(office);83050656'>>/etc/motd
cat /home/cc/dgh/notes>>/etc/motd
cat /etc/motd-local >> /etc/motd
# 
PATH=/sbin:/bin:/usr/sbin:/usr/bin
LOG_FILE=/var/log/secure
KEY_WORD="authentication failure"
PERM_LIST=/root/bin/bad.list.perm
LIMIT=15
MAIL_TO=adh@ihep.ac.cn
#tail -800 $LOG_FILE | grep -i "$KEY_WORD" |awk '{print $13}' > /root/bin/Failed.list
tail -500 $LOG_FILE | grep  "$KEY_WORD" |cut -d\=  -f7|cut -d\  -f1 > /root/bin/Failed.list
tail -500 /root/bin/Failed.list | sort -ur |
{
    while read ip
    do
  if [ "$ip" == "$wip1" ];then continue; fi
  if [ "$ip" == "$wip2" ];then continue; fi
  if [ "$ip" == "$wip3" ];then continue; fi
  if [ "$ip" == "$wip4" ];then continue; fi
  if [ "$ip" == "$wip5" ];then continue; fi
  if [ "$ip" == "$wip6" ];then continue; fi
  if [ "$ip" == "$wip7" ];then continue; fi
  if [ "$ip" == "$wip8" ];then continue; fi
  if [ "$ip" == "$wip9" ];then continue; fi
  if [ "$ip" == "$wip10" ];then continue; fi

      n=`grep $ip /root/bin/Failed.list | /usr/bin/wc -l`
      if ( t=`expr $n \> $LIMIT` )
      then
        ipt=`iptables -L INPUT -n|grep "$ip"`
        if [ "$ipt" == "" ];then
          iptables -I INPUT -s $ip -j DROP
          logger -n 192.168.254.240 `date +%s` ip $ip was DROP $t
          iptables -vnL INPUT | grep DROP  |\
          awk '{ print $8}' |\
          awk '/[0-9]/' | sort | uniq -c|sort -nr |\
          awk '{if($1 >1) print $1" "$2}' |\
          awk '{for(i=1;i<=$1-1;i++) print "iptables -D INPUT -s  " $2 " -j DROP" | "bash" } '
          echo "$ip" >> /root/bin/deny.ip
        fi
      fi
    done
}

exit
